gitlab-mcp-agent-server 0.2.6 → 0.2.8

package/build/src/infrastructure/auth/gitlab-oauth-manager.js

@@ -11,6 +11,7 @@ class GitLabOAuthManager {
     options;
     tokenStore;
     oauthBaseUrl;
+    pendingOauth;
     constructor(options) {
         this.options = options;
         this.tokenStore = new oauth_token_store_1.OAuthTokenStore(options.tokenStorePath);
@@ -47,6 +48,66 @@ class GitLabOAuthManager {
         this.tokenStore.write(interactiveToken);
         return interactiveToken.accessToken;
     }
+    async startOAuthAuthorization() {
+        const stored = this.tokenStore.read();
+        if (stored && !isExpiringSoon(stored.expiresAt)) {
+            return {
+                status: 'already_authorized',
+                message: 'OAuth token already exists and is valid.'
+            };
+        }
+        if (this.pendingOauth) {
+            return {
+                status: 'in_progress',
+                message: 'OAuth authorization is already in progress in this process.',
+                localEntryUrl: this.pendingOauth.localEntryUrl,
+                authorizeUrl: this.pendingOauth.authorizeUrl
+            };
+        }
+        const lockFilePath = `${this.options.tokenStorePath}.oauth.lock`;
+        const lock = acquireOauthLock(lockFilePath);
+        if (!lock.acquired) {
+            return {
+                status: 'waiting_other_process',
+                message: 'OAuth flow is already running in another process for this instance.',
+                lockFilePath
+            };
+        }
+        let links;
+        const promise = this.loginInteractively((readyLinks) => {
+            links = readyLinks;
+        })
+            .then((token) => {
+            this.tokenStore.write(token);
+        })
+            .finally(() => {
+            lock.release();
+            this.pendingOauth = undefined;
+        });
+        // Wait a short time until listener is ready and URLs are known.
+        const maxReadyWaitMs = 2_000;
+        const pollMs = 100;
+        let waited = 0;
+        while (!links && waited < maxReadyWaitMs) {
+            await sleep(pollMs);
+            waited += pollMs;
+        }
+        if (!links) {
+            lock.release();
+            throw new Error('Failed to start OAuth callback listener.');
+        }
+        this.pendingOauth = {
+            ...links,
+            startedAt: new Date().toISOString(),
+            promise
+        };
+        return {
+            status: 'started',
+            message: 'Open the provided URL and complete OAuth authorization.',
+            localEntryUrl: links.localEntryUrl,
+            authorizeUrl: links.authorizeUrl
+        };
+    }
     async loginInteractivelyWithLock() {
         const lockFilePath = `${this.options.tokenStorePath}.oauth.lock`;
         const lock = acquireOauthLock(lockFilePath);
@@ -54,6 +115,13 @@ class GitLabOAuthManager {
             try {
                 return await this.loginInteractively();
             }
+            catch (error) {
+                if (error instanceof OAuthCallbackPortBusyError) {
+                    console.error(error.message);
+                    return this.waitForTokenFromOtherProcess(lockFilePath);
+                }
+                throw error;
+            }
             finally {
                 lock.release();
             }
@@ -111,7 +179,7 @@ class GitLabOAuthManager {
         const payload = (await response.json());
         return mapTokenResponse(payload);
     }
-    async loginInteractively() {
+    async loginInteractively(onReady) {
         this.assertOAuthClientCredentials();
         this.assertRedirectUri();
         const redirect = new URL(this.options.redirectUri);
@@ -190,9 +258,18 @@ class GitLabOAuthManager {
             });
             server.on('error', (error) => {
                 settled = true;
+                const errno = error;
+                if (errno.code === 'EADDRINUSE') {
+                    reject(new OAuthCallbackPortBusyError(`OAuth callback port is busy (${redirect.hostname}:${resolvePort(redirect)}). If another OAuth flow is active, finish it and retry.`));
+                    return;
+                }
                 reject(new Error(`OAuth callback server failed on ${redirect.hostname}:${resolvePort(redirect)}: ${error.message}`));
             });
             server.listen(resolvePort(redirect), redirect.hostname, () => {
+                onReady?.({
+                    localEntryUrl,
+                    authorizeUrl: authorizeUrl.toString()
+                });
                 const opened = this.options.openBrowser && openInBrowser(localEntryUrl);
                 if (!opened) {
                     console.error('Open this local URL to start OAuth authorization:');
@@ -315,6 +392,12 @@ class OAuthRefreshError extends Error {
         this.name = 'OAuthRefreshError';
     }
 }
+class OAuthCallbackPortBusyError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'OAuthCallbackPortBusyError';
+    }
+}
 function shouldReloginOnRefreshFailure(error) {
     if (!(error instanceof OAuthRefreshError)) {
         return false;
@@ -375,6 +458,15 @@ function isStaleLock(lockFilePath) {
     try {
         const raw = (0, node_fs_1.readFileSync)(lockFilePath, 'utf8');
         const parsed = JSON.parse(raw);
+        if (parsed.startedAt) {
+            const startedAtMs = new Date(parsed.startedAt).getTime();
+            if (!Number.isNaN(startedAtMs)) {
+                const ageMs = Date.now() - startedAtMs;
+                if (ageMs > 10 * 60 * 1000) {
+                    return true;
+                }
+            }
+        }
         if (!parsed.pid || !Number.isInteger(parsed.pid)) {
             return true;
         }

package/build/src/interface/mcp/create-mcp-server.js

@@ -33,6 +33,7 @@ function createMcpServer() {
             openBrowser: config.gitlab.oauth.openBrowser
         })
         : new token_provider_1.StaticTokenProvider(config.gitlab.accessToken);
+    const oauthManager = tokenProvider instanceof gitlab_oauth_manager_1.GitLabOAuthManager ? tokenProvider : undefined;
     const gitlabApiClient = new gitlab_api_client_1.GitLabApiClient({
         apiUrl: config.gitlab.apiUrl,
         tokenProvider
@@ -45,6 +46,7 @@ function createMcpServer() {
     const issueWorkflowPolicy = new issue_workflow_policy_1.IssueWorkflowPolicy(config);
     (0, register_tools_1.registerTools)(server, {
         config,
+        oauthManager,
         projectResolver,
         issueWorkflowPolicy,
         healthCheckUseCase: new health_check_1.HealthCheckUseCase(),

package/build/src/interface/mcp/register-tools.js

@@ -4,6 +4,18 @@ exports.registerTools = registerTools;
 const zod_1 = require("zod");
 const errors_1 = require("../../shared/errors");
 function registerTools(server, deps) {
+    if (deps.oauthManager) {
+        server.registerTool('gitlab_oauth_start', {
+            title: 'GitLab OAuth Start',
+            description: 'Starts OAuth authorization flow and returns links to complete authorization in browser.',
+            inputSchema: {}
+        }, async () => {
+            return runTool(async () => {
+                const result = await deps.oauthManager?.startOAuthAuthorization();
+                return result ?? { status: 'unsupported', message: 'OAuth mode is not enabled.' };
+            });
+        });
+    }
     server.registerTool('health_check', {
         title: 'Health Check',
         description: 'Returns server status.',

package/docs/USER_GUIDE.md

@@ -143,6 +143,7 @@ npx -y gitlab-mcp-agent-server
 
 ## 8. Быстрая проверка работоспособности
 
+0. Если нужен OAuth URL прямо в чате агента, вызови `gitlab_oauth_start`.
 1. Вызови `gitlab_list_labels`.
 2. Создай issue: `gitlab_create_issue`.
 3. Получи issue: `gitlab_get_issue`.
@@ -176,6 +177,7 @@ npx -y gitlab-mcp-agent-server
 1. Проверь stale lock и удали его:
    - `rm -f ~/.config/gitlab-mcp/<gitlab-host>/token.json.oauth.lock`
 2. Повтори запрос и заверши OAuth в браузере в течение окна авторизации.
+3. Или сначала вызови `gitlab_oauth_start` и открой `localEntryUrl` из ответа.
 
 ## 10. Advanced (необязательно)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitlab-mcp-agent-server",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "MCP server for GitLab integration via OAuth",
   "main": "build/src/index.js",
   "bin": {